Bugzilla – Bug 856254
MAINT: VUL-1: CVE-2013-6836: gnumeric: gnumeric: heap-based buffer overflow in ms_escher_get_data function
Last modified: 2015-02-19 02:49:33 UTC
CVE-2013-6836 Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6836 https://bugzilla.redhat.com/show_bug.cgi?id=1044857
bugbot adjusting priority
Patch backported to openSUSE 12.2 (gnumeric 1.11.3) openSUSE !2.3 (gnumeric 1.12.0) openSUSE 13.1 (gnumeric 1.12.7)
Update released for openSUSE 12.2, 12.3 and 13.1. Resolved fixed.
openSUSE-SU-2014:0138-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 856254 CVE References: CVE-2013-6836,CVE-2013-6838 Sources used: openSUSE 13.1 (src): gnumeric-1.12.7-2.5.3 openSUSE 12.3 (src): gnumeric-1.12.0-2.4.3 openSUSE 12.2 (src): gnumeric-1.11.3-2.5.2